Web security: ClickJacking

Contents: I. Meaning and dangers of ClickJacking; II. Several forms it takes; III. Defences

This post is mainly a summary of my own process of learning web security. Most of the content comes from the Internet, with some of my own understanding and notes mixed in; most of the substance comes from the book 白帽子讲Web安全 (White Hat Talks Web Security). Relevant passages are marked in red in the text. Note: some of the examples in this post come from 白帽子讲Web安全.

I. Meaning and dangers of ClickJacking

1. Overview

ClickJacking, that is, click hijacking, tricks the user visually and is implemented mainly through CSS. The site being hijacked (called Alice below) is placed at the top of the z axis, so it sits above everything else on the page and receives the user's clicks, and it is also made transparent, so the user is lured into clicking what look like other elements on the page (a button, for example) while actually clicking content belonging to Alice.

2. How it arises

A web page is built from stacked tags, which gives it something resembling a third dimension. The user's view of it can be thought of simply as a z axis: the CSS z-index property controls stacking and the opacity property controls what the user can see. Because of this, one web page can embed another page and use it to deceive the user, which produces a click hijack.

II. Several forms it takes

1. <iframe> tag nesting

This one is very simple; it is exactly what was described above, so here is the code.
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>click hijacking</title>
<style>
     /* fill the whole viewport with no gaps */
     html,body,iframe{
          display: block;
          height: 100%;
          width: 100%;
          margin: 0;
          padding: 0;
          border:none;
     }
     /* the framed site is fully transparent and stacked on top */
     iframe{
          opacity:0;
          filter:alpha(opacity=0);
          position:absolute;
          z-index:2;
     }
     /* the visible bait sits underneath; position and size values were
        lost from the original and are placeholders here */
     button{
          position:absolute;
          top: 270px;
          left: 1150px;
          z-index: 1;
          width: 90px;
          height: 40px;
     }
</style>
</head>
     <body>
          hijacking
          <button>click here</button>
          <iframe src="http://www.jd.com/"></iframe>
     </body>
</html>
The page above embeds the JD.com homepage through an <iframe> tag, makes the homepage transparent and puts it closest to the user on the z axis, so it is what actually receives the user's clicks. A button is then placed on the page to lure the user into clicking. When the user clicks the button, what is really triggered is the corresponding action on the JD.com homepage.

2. Image overlay

My understanding of image overlay is that it is a stored-type problem: the site allows users to upload images but does not restrict where an uploaded image is positioned, and the position can be controlled through HTML, so a user can embed CSS in the HTML and control where the image appears. CSDN, for instance, lets you write blog posts in markdown, and exactly this problem can arise there. When other users view that post (the poster being the attacker), the uploaded image is loaded at the position the poster chose, which deceives those users; that is why I consider it stored-type.

3. Others

Using the browser's drag-and-drop feature: Alice's page is placed in a transparent <frame> tag, a draggable object is set up (through a game, for example), and through the user's dragging, data from Alice's site can be transferred to the attacker's site.

TapJacking on mobile device web pages.

III. Defences

1. Alice adds js code to her page to prevent iframe nesting

Because Alice's site has to be loaded inside the attacker's <frame>, Alice's page code is likewise loaded into the attacker's page. Alice's js therefore still runs, and it can use js to detect that the page has been framed and break out of the frame (see the specific defence code).

Drawback: it can be bypassed.

2. Alice's site sets the X-Frame-Options http header

Setting the X-Frame-Options http header on the site prevents the site from being loaded in a <frame> tag. This method is also described in 白帽子讲Web安全, which discusses the problems in this area.

Specifically: with the value DENY, the page may not be loaded in any web page; with SAMEORIGIN, the page may only be shown in a <frame> on a page of the same origin; with ALLOW-FROM uri, the page may only be shown in a <frame> on pages of the given URI.
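As an added example, which is not code from the original post, here is the defence from sections III.1 and III.2 written for Node.js. frameAllowed() applies the DENY / SAMEORIGIN / ALLOW-FROM rules above to a page origin and a framing origin, frameProtectionHeaders() and applyFrameProtection() build and set the response headers a site such as Alice would send, and FRAME_BUSTING_SCRIPT is one form of the js detection from section III.1. It goes beyond the post in two places, both assumptions: the Content-Security-Policy frame-ancestors directive, and the alice.example / partner.example / attacker.example origins, which are constructed for the demo.

```javascript
// Added example (not from the original post): evaluate and emit the
// X-Frame-Options policy from section III.2 and the frame-detection
// script from section III.1. Origins below are constructed for the demo.

// Reduce a URL to its origin (scheme://host[:port]); default ports drop out.
function originOf(url) {
  return new URL(url).origin;
}

// Decide whether a page sending `headerValue` may be shown inside a frame on
// `framerUrl`. An empty or unrecognised value imposes no restriction, which is
// how a browser treats a header it cannot parse.
function frameAllowed(headerValue, pageUrl, framerUrl) {
  if (!headerValue) return true;
  const value = headerValue.trim();
  const upper = value.toUpperCase();
  if (upper === 'DENY') return false;
  if (upper === 'SAMEORIGIN') return originOf(pageUrl) === originOf(framerUrl);
  if (upper.startsWith('ALLOW-FROM ')) {
    const allowedOrigin = originOf(value.slice('ALLOW-FROM '.length).trim());
    return allowedOrigin === originOf(framerUrl);
  }
  return true;
}

// Build the response headers a site such as Alice would send. The
// Content-Security-Policy frame-ancestors directive is an assumption beyond
// the post: it is the standard successor of X-Frame-Options.
function frameProtectionHeaders(policy) {
  const headers = { 'X-Frame-Options': policy };
  const upper = policy.toUpperCase();
  if (upper === 'DENY') {
    headers['Content-Security-Policy'] = "frame-ancestors 'none'";
  } else if (upper === 'SAMEORIGIN') {
    headers['Content-Security-Policy'] = "frame-ancestors 'self'";
  } else if (upper.startsWith('ALLOW-FROM ')) {
    const origin = policy.slice('ALLOW-FROM '.length).trim();
    headers['Content-Security-Policy'] = `frame-ancestors ${origin}`;
  }
  return headers;
}

// Apply the headers to a Node http.ServerResponse (anything with setHeader).
function applyFrameProtection(res, policy) {
  const headers = frameProtectionHeaders(policy);
  for (const [name, value] of Object.entries(headers)) res.setHeader(name, value);
  return headers;
}

// Section III.1 in script form: the page starts hidden and only reveals itself
// when it is the top-level window. Hiding first is sturdier than a bare
// top.location redirect, but this is still the bypassable layer the post
// describes, so it complements the header rather than replacing it.
const FRAME_BUSTING_SCRIPT = [
  '<style id="antiClickjack">body { display: none !important; }</style>',
  '<script>',
  '  if (window.top === window.self) {',
  '    document.getElementById("antiClickjack").remove();',
  '  } else {',
  '    window.top.location = window.self.location;',
  '  }',
  '</script>',
].join('\n');

// Stand-alone demo with constructed origins.
if (typeof require !== 'undefined' && require.main === module) {
  const page = 'https://alice.example/account';
  const framers = ['https://alice.example/help', 'https://partner.example/', 'https://attacker.example/'];
  for (const policy of ['DENY', 'SAMEORIGIN', 'ALLOW-FROM https://partner.example']) {
    for (const framer of framers) {
      const verdict = frameAllowed(policy, page, framer) ? 'allowed' : 'blocked';
      console.log(`${policy.padEnd(34)} framed by ${framer.padEnd(28)} -> ${verdict}`);
    }
  }
  const sent = {};
  applyFrameProtection({ setHeader: (k, v) => { sent[k] = v; } }, 'SAMEORIGIN');
  console.log(sent);
}
```

The header is the primary control: the browser enforces it before any of Alice's script runs, which is exactly why the script-only approach in section III.1 can be bypassed while the header cannot be defeated from the framing page. ALLOW-FROM is the weakest of the three values in practice, since current browsers no longer honour it, which is why the helper also emits the equivalent frame-ancestors directive.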